And that, said the scientists, could not surprisingly lead to catastrophic results.
The researchers looked at three sets of devices and apps that private pilots commonly use – the Appareo Stratus 2 receiver using the ForeFlight app; the Garmin GDL 39 receiver with the Garmin Pilot app; and the SageTech Clarity CL01 with the WingX Pro7 app.
These devices let hobby pilots use the same info that pilots of a private jet receive but the systems cost $1,000, compared to $20,000 for instruments in high end cockpits.
The devices display location, weather, airspace restrictions and nearby aircraft on a tablet computer via the apps and that’s where the vulnerabilities start. Kirill Levchenkto, a computer scientist at UC San Diego said: “When you attack these devices, you don’t have control over the aircraft, but you have control over the information the pilot sees.”
Apparently the FAA has the authority to regulate devices but chooses not to as they’re not part of the fabric of a plane.
All three devices let attackers tamper with communication between receiver and tablet.
There are ways to fix the vulnerabilities including cryptography, signed firmware updates and explicit user interaction before downloading device firmware.